Savills (“Savills”) respects personal data privacy and is committed to implement and comply with the data protection principles and provisions under the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”).   

In this privacy policy & cookies (“Privacy Policy”), “Savills”, “our” and “we” each mean all Hong Kong companies in the Savills group in Hong Kong (including but not limited to Savills Property Management Holdings Limited, Savills Guardian (Holdings) Limited and their respective subsidiaries) which collect and use your information in the manner set out in this Privacy Policy. Any reference to “you” or “your” refers to anyone whose personal information we process.

This Privacy Policy outlines our practice and choices that you have on collection and use of your personal data.  

Categories of Personal Data Held 

Categories of personal data that Savills may collect from you include the following: – 

a) Client Records

Client records include personal data we collect in the course of our business activities including handling of customers’ membership applications, transactions, complaints and enquiries etc., e.g. Contact (such as phone number, e-mail address and postal address) and identity information (such as passport, identity card or driving licence) (“Contact and Identity Information”).    

b) Supplier Records 

Supplier records include personal data we collect from our service providers, which include Contact and Identity Information, professional qualifications and certificates, job references and bank information.  

c) Building Site Records

Building site records include personal data that we may collect from a site or building managed by us, such as Contact and Identity Information, third parties’ contacts for emergency contact, information contained in the tenancy or deed of assignment and bank information. Where we operate CCTV on a property, we may capture images which would constitute personal data.

d) General Administrative Records

General administrative records include personal data collected in connection with the office administrative functions, records containing information supplied by data subjects and for handling of enquiries and complaints made to Savills, such as name and contact information.

e) Employment Related Records

Employment related records include contact and personal particulars, education, qualifications and work experience, relevant skills, job references, compensation information such as salary and allowances, participation in mandatory provident fund, terms and conditions of service, housing and medical benefits, leave records, training and development, appraisal reports, relationships that could give rise to a conflict of interest, criminal records, conviction and existing and pending investigations and sanctions, conduct and discipline, other information contained in the resumes and information about the dependents of our staff if appropriate.

f) Other Records

Other records include administrative and programme records containing personal data.

Main Purposes of Collecting, Using and Keeping Personal Data 

The main purposes of collecting, using and keeping the personal data are as follows: 

Client records are collected, used and retained by us for providing services such as handling customers’ membership applications, transactions, complaints and enquiries and communications including event information and marketing materials, relationship management and exploration of business opportunities.  The records are also for our statistical analysis, research, conflict search, compliance of laws and regulations including disclosure, investigations and prevention or detection of crime and enforcement of our rights.  

Supplier records are collected, used and kept to support our provision of services, relationship building and exploration of business opportunities.  They are also for identification and management of potential conflict of interests, our statistical analysis, research, compliance of laws and regulations including disclosure, investigations and prevention or detection of crime and enforcement of our rights.  

Building site records are collected, used and kept for provision of services including providing you access to a site or property managed by us, communications including sending notices and bills and enforcement of our rights.  The records are also for security purpose, prevention or detection of crime and discharge of our legal obligations.  

General administrative records are collected, used and kept for the purposes of carrying out various office administrative functions and handling and following up enquiries and complaints.

Employment related records are used and retained by us for all purposes regarding human resource management within Savills including but not limited to processing job applications, providing renumeration and benefits for staff and/ or their dependents, reference, training and career development, performance appraisal and discipline, facilitating communications between Savills and staff, considering promotions and placements and meeting requirements of relevant laws and regulations. 

Other records are kept for various purposes, which vary according to the nature, such as procurement of equipment, organization of activities etc.

Practices of Personal Data Handling 

The practices at a) to f) below are implemented to ensure that personal data held by Savills is handled in accordance with the data protection principles enshrined in the PDPO. 

a)  Collection of personal data 

When collecting personal data, Savills will satisfy the following: 

1. the purposes for which the data is collected are lawful and directly related to a function or activity of Savills; 

2. the manner of collection is lawful and fair in the circumstances of the case; and 

3. the personal data collected is necessary but not excessive for the purpose(s) for which it is collected. 

When Savills collects personal data from an individual, the individual will be provided with a Personal Information Collection Statement on or before the collection in an appropriate format and manner. Practicable steps will be taken to ensure that – 

1. the data subject is informed of whether it is obligatory or voluntary for him/her to supply the data and, if obligatory, the consequences for him/her if he/she fails to do so; and 

2. the data subject is explicitly informed of the purpose for which his/her personal data is to be used, the classes of persons to whom the data may be transferred or disclosed, the rights of the data subject to request access to and correction of the data, and the contact details of the individual to whom any such request may be made. 

b) Accuracy and retention of personal data

Personal data collected and maintained by Savills shall be as accurate, complete, and up-to-date as is necessary for the purpose for which it is to be used. 

Savills maintains a personal data inventory, which contains the kinds of personal data that Savills holds; the purposes for which the personal data is collected, used and disclosed; and how the personal data is stored. The personal data inventory will be reviewed on an annual basis to ensure that it is accurate and up-to-date. 

Personal data will not be kept longer than necessary for the fulfilment of the purpose for which the data is collected or used. Personal data that is no longer required should be erased unless such erasure of personal data is prohibited under any law or it is in the public interest for the data not to be erased. Should there be a need to retain the personal data for statistical purposes, such data will be anonymised so that the individuals concerned can no longer be identified. 

A destruction exercise on records containing personal data will be conducted as and when necessary and in accordance with Savills records management guidelines and procedures. Destruction of paper records would be carried out by irreversible means and electronic records would be cleared or destroyed from storage media before disposal by means of sanitisation or physical destruction. 

c) Use of personal data 

All personal data collected will be used only for purposes, which are directly related to the discharge of Savills’ duties and responsibilities. Personal data collected may be transferred to third parties during the discharge of Savills’ functions when necessary. Relevant personal data may also be disclosed to other entities which are authorised to receive information for the purposes of law enforcement, prosecution or review of decisions. Data subjects would be informed of the possible transferees of their personal data when their personal data is collected. 

If personal data is to be used for a purpose other than the purposes for which the data is collected, express prior consent preferred in writing would be sought from the data subject concerned. In seeking the data subject’s consent, all practicable steps would be taken to ensure that (i) information provided to the data subject is clearly understandable and readable; and (ii) the data subject is informed that he/she is entitled to withhold his/her consent or withdraw his/her consent subsequently by giving notice in writing. 

d) Security of personal data 

Savills observes strictly relevant security standards and regulations. Security arrangements will also be reviewed regularly to ensure that personal data is protected against loss and unauthorised or accidental access, use, disclosure, modification and erasure. The security arrangements adopted include but not limited to the following: 

1. restriction of access to personal data on a “need-to-know” basis; 

2. regular review and enhancement of security measures for protection of personal data in the servers, user computers, transmission of electronic messages, etc.; 

3. regular change of passwords for IT facilities, accounting and personnel systems, etc.; 

4. encryption of all backup storage devices that are to be transported to offsite storage; 

5. limited staff access rights to office areas storing confidential information; and 

6. provision of clear guidelines to staff as to the types of data that may or may not be disclosed to a phone enquirer and implementation of appropriate identity verification procedures to confirm the enquirer’s identity. 

e) Transparency of the personal data policy and practices 

Privacy Policy and practices can be found on Savills website. 

f) Access to and correction of personal data 

Savills recognises an individual’s rights of access to and correction of his/her own personal data in accordance with the PDPO. To make a data access request, an individual should complete the form specified by the office of the Privacy Commissioner for Personal Data, which is available at http://www.pcpd.org.hk/english/publications/files/Dforme.pdf, and submit the completed form to Savills in any one of the following ways – 

Attention to:  Personal Data Privacy Officer

By email: shkdataprivacy@savills.com.hk

By post: Savills Services Group, 7/F, 111 King’s Road, Taikoo Shing, Hong Kong

When handling a data access or correction request, Savills will check the identity of the requester to ensure that he/she is the person legally entitled to make the data access or correction request. 

Savills may impose a fee for the direct and necessary cost of complying with a data access request. Savills will clearly inform the requestor the amount to be charged. 

Savills maintains a Register on Requests for Access to Personal Data recording the data access or correction requests received. 

Direct Marketing

For marketing communications and information that we send to you, you can at any time opt-out receiving the communications and information by indicating your preference in the marketing communications or contacting us using the contact information stated below in this Privacy Policy. We will not provide your personal information to other organisations for the purpose of direct marketing.   

International Data Transfer 

Your Personal Data may be transferred to, and processed in, countries other than the country in which you are a resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not offer the same protection). 

Our Website servers are located at Amazon Web Services all over the world, and our group companies, affiliated companies and third-party service providers operate globally. This means that when we collect your Personal Data, we may process it in any of these countries. 

However, we take steps to safeguard your Personal Data in accordance with this Privacy Policy Statement. Further details about the protection given to your Personal Data can be provided upon request by contacting us using the details herein. 

Incident Reporting and Breach Handling 

A mechanism is set up for incident reporting and breach handling in case there is loss or leakage of personal data, or there is a reason to believe that the personal data held by Savills has been compromised. 

Ongoing Monitoring and Review 

Savills will keep the Privacy Policy and Practices under regular review. Officers responsible for handling personal data will attend relevant training courses and keep up to date with personal data policies. 

The use of cookies by Savills

a) What is a cookie?

A cookie is a small text file that is downloaded onto your computer when you visit certain websites and allows a website to recognise a user's computer. Cookies are used to help users navigate websites more efficiently and to perform certain functions, as well as to provide information to the owners of the website.

b) What cookies do Savills use?

The table below lists the cookies used by this website and provides a description of how each cookie works, clicking the '+' symbol will expand the box to give further explanation on each cookie. Where further information about a cookie exists on an external website a link has been provided under 'More information'.